Processing an empty queue can result in a crash:

bluetoothd[1670]: external/bluetooth/bluez/attrib/gattrib.c:g_attrib_ref() 0x6035878: ref=2
02-23 21:36:05.650 I/bluetoothd( 1669): ==1670== Invalid read of size 1
02-23 21:36:05.650 I/bluetoothd( 1669): ==1670== at 0x12151E: send_dev_pending_response (gatt.c:3914)
02-23 21:36:05.650 I/bluetoothd( 1669): ==1670== by 0x121B33: process_dev_pending_requests (gatt.c:4228)
02-23 21:36:05.650 I/bluetoothd( 1669): ==1670== by 0x123955: att_handler (gatt.c:5049)
--- android/gatt.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/android/gatt.c b/android/gatt.c index c173b89..c3dc41c 100644 --- a/android/gatt.c +++ b/android/gatt.c @@ -4175,6 +4175,9 @@ static void process_dev_pending_requests(struct gatt_device *device, { struct request_processing_data process_data; + if (queue_isempty(device->pending_requests)) + return; + process_data.device = device; process_data.opcode = att_opcode; -- 2.0.0
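
Review bot: the early return at the top of process_dev_pending_requests() guards only this one caller, while the trace in the commit message places the invalid read in send_dev_pending_response() (gatt.c:3914). If that function can be reached by another path, or if it dereferences an entry taken from the queue without checking it, a check there would address the cause rather than this one call site. Otherwise, a short comment above "if (queue_isempty(device->pending_requests))" saying why the queue can be empty when att_handler() gets here would help the next reader. The commit message could also state what is being read (the trace shows a read of size 1) and confirm that returning without sending any response is the intended behaviour for the request being handled.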